Bithumb Global is a leading cryptocurrency exchange which offering cryptocurrency trading and services.
According to a study at the University of Maryland, there is a hacker attack every 39 seconds on average, affecting one in three Americans every year.
What makes it worse is that more than 77% of organizations do not have a Cyber Security Incident Response plan, when an estimated 54% of these companies have experienced one or more attacks in the last 12 months.
These facts make Cybercrime the greatest threat in the world. Today, hackers are not only targeting corporations, banks or wealthy celebrities but also individual users like you and me.
Therefore, as long as you’re connected to the Internet, you are a potential victim of cyberattacks.
By identifying these core issues and concerns, Bithumb Global has collaborated with SlowMist Zone, a company focused on blockchain ecosystem security, to launch a Bug Bounty program to increase awareness about security vulnerabilities and cyber attacks.
Being the top three most secure crypto exchange by Cybersecurity rating, Bithumb Global truly understands the havocs that cybercrimes can cause and thus wants to encourage participants from across the globe to participate in the "Bug Bounty Program" and win a maximum reward of up to 10,000 USDT!
Being the second most secure Crypto Exchange with cybersecurity score of 9.81 along with verified penetration test and proof of funds, Bithumb Global wants to recognize every security vulnerability and threat to be the most reliable and secure Crypto Exchange.
To achieve this goal we have entered the SlowMist Zone with our Bug Bounty program. To participate in this program and report a vulnerability, the reporter needs to visit the "SlowMist Zone" website and submit a threat intelligence which will be reviewed by the SlowMist Security Team.
The whole program follows three steps. The first step is the “Reporting Stage” where a reporter will submit a threat intelligence on the SlowMist. This stage is followed by the “Processing Stage” where the SlowMist Security Team will confirm the threat intelligence report from the "SlowMist Zone" within one working day and mark the status of the threat as ‘to be reviewed’.
SlowMist team will also follow up, evaluate the problem, and feed the intelligence back to the Bithumb Global contact person during this time.
Once this is done, the Bithumb Global technical team will deal with the problem, draw conclusions and record points, such as whether the vulnerability is confirmed or ignored and mark the report status accordingly.
In case it is needed, the Bithumb Global technical team will also communicate with the reporter, and ask the reporter for assistance. This will mark the end of the second stage for the reported vulnerability.
The last stage is the “Reporting Stage” where the Bithumb Global business department shall repair the security problems in the threat intelligence and update the status online as repaired.
The timeframe for repairing depends on the severity of the problem and the complexity of the repair.
In general, the team repairs the critical and high-risk problems within 24 hours, medium-risk problems are catered to within 3 working days, and the low-risk problems are taken care of within 7 working days.
The reporter then confirms whether the security problem has been repaired or not. Once verified of the repair, the Bithumb Global technical team will inform the SlowMist Security Team of the conclusion and the vulnerability score.
They will also issue rewards with the SlowMist Security Team and mark the status of threat report as completed.
The vulnerabilities are divided into 4 different levels with a maximum reward up to 10000 USDT. The final award for every submission depends on the severity of the vulnerability and the true impact of the vulnerability.
Critical Vulnerabilities: These are the vulnerabilities that occur in the core business system (the core control system, field control, business distribution system, fortress machine and other control systems that can manage a large number of systems).
These vulnerabilities can cause a severe impact, gain business system control access (depending on the actual situation), gain core system management staff access, and even control the core system.
Reporting Critical vulnerabilities is most important for Bithumb Global and most rewarding for reporters.
By reporting a critical vulnerability, you can earn Bithumb Global Rewards worth 2500 ~ 10000 USDT and SlowMist Zone Reward worth 512 SLOWMISTs.
These include but are not limited to:
High-risk Vulnerabilities: When reporting a high-risk vulnerability, you have a chance to grab Bithumb Global Rewards worth 300 ~ 2500 USDT and SlowMist Zone Reward of 256 SLOWMISTs.
The vulnerabilities classified as high-risk are the following:
Medium-risk Vulnerabilities: When you report a medium-risk vulnerability, you are rewarded with 100 ~ 300 USDT of Bithumb Global Reward and 100 SLOWMIST of SlowMist Zone Reward.
These include the following vulnerabilities:
Low-risk Vulnerabilities: For reporting a low-risk vulnerability, the reporter is rewarded with Bithumb Global reward worth 10 ~ 100 USDT and SlowMist Zone Reward of 32 SLOWMIST.
These vulnerabilities include:
Vulnerabilities not Accepted at the Moment: Some of the discovered vulnerabilities belonging to the below-stated categories are temporarily not included in the bounty scope, except for those that can cause serious business impact (it needs to be verified by the Bithumb Global team).
To make the Bug Bounty Programme fair, Bithumb Global team has laid down some ground rules to which every reporter must adhere to. These rules are listed below:
It is forbidden to use web/port automatic scanners and other behaviours that may cause a large number of traffic requests. Network terminals and abnormal service access caused by these behaviours will be handled in accordance with relevant laws and regulations;
Avoid possible impacts or restrictions including but not limited to the availability of business, products, architecture, etc.;
All vulnerability tests should clearly use their own accounts, and avoid obtaining other user accounts in any form for testing/intrusion operations;
It is forbidden to abuse of Dos/DDoS vulnerabilities, social engineering attacks, spam, phishing attacks, etc.;
For combined exploitable vulnerabilities, we will only pay for the highest level of vulnerabilities.
Without permission from Bithumb Global, it is forbidden to disclose the details of any discovered vulnerabilities.
It is your time to contribute towards a safer Crypto economy. Join Bithumb Global’s Security-vulnerabilities and Threat-intelligence Bounty Programme to Help us build the most reliable and secure crypto exchange and earn rewards for your efforts.
For more information visit:https://slowmist.io/en/bithumb-global/
Create your free account to unlock your custom reading experience.